Surviving the Week 11/2/12, Ford website hacked by NullCrew

We’re a bit late this week on our Surviving the Week post, because we’ve been busy with our recent product launch of NTOSpider 6.

During the month of October, I spoke at HouSecCon, ToorCon and OWASP AppSec USA with an emphasis on why newer technologies, like REST, AJAX, JSON and GWT, create challenges for modern web scanners and how security professionals can determine if scanners are effectively scanning and attacking them.

The U.S. Government Accountability Office (GAO) found in its August 2012 report that “18 of 24 major federal agencies have reported inadequate information security controls,” and “inspectors general at 22 of these agencies identified information security as a major management challenge for their agency.” And in its September 2012 report on mobile security, GAO found that malware aimed at mobile devices alone has risen 185% in less than a year. Talk about scary.

On October 10, the S.C. Division of Information Technology informed the S.C. Department of Revenue of a potential cyber attack involving the personal information of taxpayers. Six days later, investigators uncovered two attempts to probe the system in early September, as well as a previous attempt that was made in late August. In mid-September, two other intrusions occurred that authorities believe were the first times the intruder or intruders obtained data. No other intrusions have been uncovered at this time, and on Oct. 20, the vulnerability in the system was closed, according to the DOR.
http://www.securityweek.com/south-carolina-hit-massive-cyberattack

On Cybersecurity, Small Businesses Flirting with Disaster

U.S. small businesses are hiding behind the belief they have done enough to secure themselves against hackers and malware when in reality many are vulnerable to attacks that could doom their businesses, according to a recent survey. The survey, sponsored by the National Cyber Security Alliance (NCSA) and Symantec, found that 77% of 1,015 small businesses think they are safe from cyber attacks. The survey defines small business as a company with fewer than 250 employees. Use NTOSpider on-demand to test your application. NTOSpider on-demand allows small and medium businesses to scan their applications effectively without requiring any security staff. Our consulting team can help you verify the scan results.
http://www.zdnet.com/on-cybersecurity-small-businesses-flirting-with-disaster-survey-finds-7000005891/

Number of XSS, SQL Injection, File include and other high risk vulnerabilities in some of the very commonly used platform/applications